New Ubuntu phone vulnerabilities

At the start of October, Canonical’s Ubuntu phone vulnerabilities caused a stir among several security companies. Rapid7 was one such company, and Tod Beardsley, security engineering manager, offered several points of view on the matter. He stated:

“The install base of Canonical’s Ubuntu phone is tiny compared to Android and iOS,
so it is unsurprising that there are few, if any, independent security researchers
studying the security models in use. I do think that this story is ultimately
positive for Canonical: even though only 15 (total) devices were affected, Canonical
spun out a fix within hours of learning of the bug. Vulnerabilities are routinely
reported against Android and iOS, and those issues often take months to be fixed on
handsets. Of course, those Android and iOS issues affect a user base several orders
of magnitude larger than Canonical’s entire user base, so vulnerability
responsiveness is much more important.

I don’t doubt that Ubuntu phones ship with vulnerabilities, just as Android, iOS,
BlackBerry, and Windows phones do. It is impossible to ship bug-free code if the
code is at all complex. What is important is the responsiveness of the vendor when
presented with evidence of a vulnerability, so in this case, Canonical appears to be
acting as an exemplary vendor.”